CA PSD2 SANDBOX

Steffen Miller

CA EMEA Presales Lead

API Management

2 © 2016 CA. ALL RIGHTS RESERVED.

Agenda

PSD 2 DEMO APP

PSD 2 SANDBOX PROJECT

PLATFORM OVERVIEW

IS THERE MORE ?

3 © 2016 CA. ALL RIGHTS RESERVED.

NEW: PSD2 App Video for Consumers

Watch this short video that demonstrates the vision for PSD2, and some of the key advantages of PSD2 for consumers.

At CA World '16 we launched the PSD2 demo app, developed by CA, to show how banks and aggregators can change the way consumers manage their money, transform the customer experience, and create innovative new financial products and services.

4 © 2016 CA. ALL RIGHTS RESERVED.

Demo

5 © 2016 CA. ALL RIGHTS RESERVED.

CA PSD2 Sandbox Provides

banking-specific developer portal with API docs and tools

Pre-configured services for banking APIs

PISP- and AISP-specific workflows

API monetization

integrated OAuth security framework

Support for the XS2A via end-user authentication with OpenID Connect and 2FA

6 © 2016 CA. ALL RIGHTS RESERVED.

CA API Management

Internet of Things

Mobile

SaaS/Cloud SolutionsAWS, Google, SFDC …

Partner Ecosystems

Developers

ID/Authentication

SQL Data

NoSQL Data

CA Live API Creator

CA API Gateway

Mobile SDKs

CA API Developer Portal

Customer Data Center or Cloud/IaaS

Existing APIs

Architecture – PSD2 Sandbox

Backend OpenBank Project

CA API Gateway 9.2CA Advanced

Atuthentication

CA API Gateway 9.2

CA API Portal

DM

ZIn

tern

alZo

ne

Developers Mobile Apps Web Apps IoT

PSD2’s API

Mutual Authentication SSL

Business APIs, for example PSD2 APIs

Communication Developers with the API Portal

Internal communication between API Portal and API Gateway DMZ

Routing to the backend services: HTTP(s), SQL, JMS, …

Communication between Advanced Authentication and API Gateway (s)

SSL

Internal communication between API Gateway DMZ and API Gateway Internal Zone

Machine Description

Backend contains backend services, BBDD, etc. just to simulate any of the backend system available in a bank

DMZ Gateway API Gateway (DMZ) exposing the business APIs in the DMZ and doing the following tasks: routing, transformations, handle traffic, cache, audit, etc. But, for security reasons any of these tasks could be delegated to the API Gateway located in the internal zone

Internal Gateway API Gateway the main task of this gateway is to manage the security services, tokens, etc. But, if needed some tasks done for the API Gateway (DMZ) could be done here, in the internal zone

API Portal API Portal to be able the developers of apps can discover APIs, documentation, tests, etc.

Advanced Auth. Advanced Authentication to be able to check the risk and generatesany strong authentication, for example OTP.

8 © 2016 CA. ALL RIGHTS RESERVED.

EMEA Presales Lead

steffen.miller@ca.com

Steffen Miller

twitter.com/CAinc

slideshare.net/CAinc

linkedin.com/company/ca-technologies

ca.com

12 © 2016 CA. ALL RIGHTS RESERVED.

EU im “driving seat”; PSD2, GDPR in 2018

The General Data Protection Regulation (GDPR)(Regulation (EU)

PSD2 und API … Schnittstellen zu den TPPs…

PSD2 API

Zusätzliche API

AP

I Man

agem

ent

Kernbanken System

Funktion 1

Funktion 2

Funktion 3

Funktion n

1

2

2

TPP : Third Party Payments Service ProviderPISP: Payment Initiation Service ProvidersAISP: Account Information Service Providers

PSD2 – new players (II)

Die Bank zwischen zwei Eco-Systeme

Die Zukunft hat begonnen … schon eine Weile!

https://www.hslu.ch/de-ch/wirtschaft/weiterbildung/cas/ifz/digital-banking/

Gezielte Ausbildung:CAS Digital Banking Spezialistin und Spezialist im Digitalisierungsprozess in der Finanzbranche

https://muume.com/about/wer-wir-sind/